<?php
/**
*
* @package YubiKey Login
* @version 1.0.3
* @copyright (c) 2010 Tim Schlueter
* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
	exit;
}

class ucp_yubikey_reportlost
{
	var $u_action;

	function main($id, $mode)
	{
		global $phpbb_root_path, $phpEx;
		global $db, $user, $template, $config;

		$submit		= (isset($_POST['submit'])) ? true : false;
		$username	= request_var('username', '', true);
		$email		= strtolower(request_var('email', ''));

		$form_name = 'ucp_yubikey_reportlost';
		add_form_key($form_name);

		if ($submit && !check_form_key($form_name))
		{
			trigger_error($user->lang['FORM_INVALID'], E_USER_WARNING);
		}
		
		if ($submit && $config['allow_yubikey_login'])
		{
			// Validate username and e-mail address
			$sql  = ' SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason, user_yubikey_mask';
			$sql .= ' FROM ' . USERS_TABLE;
			$sql .= ' WHERE user_email_hash = \'' . $db->sql_escape(phpbb_email_hash($email)) . '\'';
			$sql .= ' AND username_clean = \'' . $db->sql_escape(utf8_clean_string($username)) . '\'';
			$result = $db->sql_query($sql);
			$user_row = $db->sql_fetchrow($result);
			$db->sql_freeresult($result);

			if (!$user_row)
			{
				trigger_error('NO_EMAIL_USER', E_USER_WARNING);
			}

			if ($user_row['user_type'] == USER_IGNORE)
			{
				trigger_error('NO_USER', E_USER_WARNING);
			} 
			
			if ($user_row['user_type'] == USER_INACTIVE)
			{
				if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL)
				{
					trigger_error('ACCOUNT_DEACTIVATED', E_USER_WARNING);
				}
				else
				{
					trigger_error('ACCOUNT_NOT_ACTIVATED', E_USER_WARNING);
				}
			}

			// Generate a random key atleast 6 characters long
			$server_url = generate_board_url();

			$key_len = 54 - strlen($server_url);
			$key_len = max(6, $key_len); // we want at least 6

			$random_key = substr(gen_rand_string(10), 0, $key_len);

			// Update YubiKey as lost reported
			$sql = 'UPDATE ' . YUBIKEY_TABLE . ' SET lost_key = \'' . $db->sql_escape($random_key) . '\' WHERE user_id = ' . (int) $user_row['user_id'];
			$db->sql_query($sql);
			
			// Send YubiKey lost confirmation mail to user's registered e-mail address
			include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

			$messenger = new messenger(false);

			$messenger->template('user_lost_yubikey', $user_row['user_lang']);

			$messenger->to($user_row['user_email'], $user_row['username']);
			$messenger->im($user_row['user_jabber'], $user_row['username']);

			$messenger->assign_vars(array(
				'USERNAME'	=> htmlspecialchars_decode($user_row['username']),
				'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=yubikey_confirmlost&u={$user_row['user_id']}&k=$random_key")
			);

			$messenger->send($user_row['user_notify_type']);

			meta_refresh(5, append_sid("{$phpbb_root_path}index.$phpEx"));

			//
			$message = $user->lang['YUBIKEY_LOST_REPORTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
			trigger_error($message);
		}

		// Set up the page
		$this->tpl_name = 'ucp_yubikey_reportlost';
		$this->page_title = 'YUBIKEY_REPORTLOST';

		$template->assign_vars(array(
			'USERNAME'	=> $username,
			'EMAIL'		=> $email,
			'U_REPORTLOST'	=> append_sid("{$phpbb_root_path}ucp.$phpEx?mode=yubikey_reportlost"),
		));
	}
}

?>